
I have the IP block 51.158.89.0/27 and I need to configure reverse DNS with bind9.

I configured bind9 like this:

File named.conf:

```
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```

File named.conf.options:

```
options {
    directory "/var/cache/bind";
    allow-query { any; };
    allow-recursion { localnets; };
    allow-query-cache { localnets; };
    allow-transfer { none; };
    listen-on { any; };
    version none;
};
```

File named.conf.local:

```
zone "89.158.51.in-addr.arpa" in {
    type master;
    file "/etc/bind/51.158.89.0-31.db";
};
```

File 51.158.89.0-31.db:

```
; BIND reverse data file for local loopback interface
$ORIGIN 89.158.51.IN-ADDR.ARPA.
@            IN  SOA   ns1.whoople.fr. infrastructure.whoople.fr. (
                          2019071501 ; serial number
                          2h         ; refresh
                          15m        ; update retry
                          2w         ; expiry
                          3h         ; nx = nxdomain ttl
                          )
            IN      NS      ns1.whoople.fr.
            IN      NS      ns2.whoople.fr.
22          IN      PTR     mail.universals.email.
30          IN      PTR     ns1.whoople.fr.
```

In the logs we can see that the zone loaded:

```
Jul 15 10:57:41 ns1 named[39636]: /etc/bind/51.158.89.0-31.db:5: no TTL specified; using SOA MINTTL instead
Jul 15 10:57:41 ns1 named[39636]: zone 0/27.89.158.51.in-addr.arpa/IN: loaded serial 2019071501
Jul 15 10:57:41 ns1 named[39636]: all zones loaded
```

From a customer computer I tried this command:

```
-- #nslookup 51.159.89.22
;; Got SERVFAIL reply from 192.168.1.1, trying next server
;; Got SERVFAIL reply from fe80::ad5:9dff:fef5:f472, trying next server
** server can't find 22.89.158.51.in-addr.arpa: SERVFAIL
```

On the DNS server, I can see this in the syslog file:

```
Jul 15 10:59:57 ns1 named[39636]: client **.**.**.**#34091 (22.0-27.89.158.51.in-addr.arpa): query (cache) '22.0-27.89.158.51.in-addr.arpa/PTR/IN' denied
```

Do you have an idea? Regards, Clement

  • Can you show your full `bind.conf` please - it looks like you may not have allowed your clients, or your hosting provider does not allow you to set the reverse address – user3788685 Jul 15 '19 at 22:18
  • Yes sure. I added named.conf and named.conf.options. Thank you for your help – Clément Mutz Jul 16 '19 at 07:03
  • It looks like your reverse may not be delegated - I should be able to get online sometime after 20:00 GMT. Can you check with your hosting provider if they support reverse DNS? It might be worth checking before we carry on with this. – user3788685 Jul 16 '19 at 14:40
  • Thank you for your answer. I edited the files `named.conf.local` and `51.158.89.0-31.db`. I changed the origin value like this: `$ORIGIN 89.158.51.IN-ADDR.ARPA.` and the zone name like this: `zone "89.158.51.in-addr.arpa" in{`. Now `nslookup 51.158.89.22` works locally, but it doesn't work from the customer computer. – Clément Mutz Jul 17 '19 at 12:19
  • It won't work with external customers as they will not be querying your name server. Reverse delegation is different to forward and requires extra steps which you can't do alone. I'll type you up an answer if you like later tonight or tomorrow evening. – user3788685 Jul 17 '19 at 18:33
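
An added example, not part of the original question or its comments: it reads the two syslog lines quoted in the question and checks whether each denied query name falls under a zone that named reported as loaded. BIND logs `query (cache) ... denied` when the name is outside every zone it is authoritative for and the client is not permitted by `allow-query-cache`; the function names here are this example's own.

```python
import re

# Log lines copied from the question (client address masked by the poster).
LOG = """\
Jul 15 10:57:41 ns1 named[39636]: zone 0/27.89.158.51.in-addr.arpa/IN: loaded serial 2019071501
Jul 15 10:59:57 ns1 named[39636]: client **.**.**.**#34091 (22.0-27.89.158.51.in-addr.arpa): query (cache) '22.0-27.89.158.51.in-addr.arpa/PTR/IN' denied
"""

LOADED = re.compile(r"zone (\S+)/IN: loaded serial")
DENIED = re.compile(r"query \(cache\) '(\S+)/(\w+)/IN' denied")

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def in_zone(qname, zone):
    """True when qname is the zone apex or a name below it (label-wise suffix)."""
    q, z = labels(qname), labels(zone)
    return len(q) >= len(z) and q[-len(z):] == z

def common_suffix(a, b):
    """Number of trailing labels two names share."""
    n = 0
    for x, y in zip(reversed(labels(a)), reversed(labels(b))):
        if x != y:
            break
        n += 1
    return n

def explain_denials(log):
    """For every denied cache query, report which loaded zone (if any) covers it."""
    zones = [m.group(1) for m in LOADED.finditer(log)]
    report = []
    for m in DENIED.finditer(log):
        qname, qtype = m.group(1), m.group(2)
        hits = [z for z in zones if in_zone(qname, z)]
        report.append({
            "qname": qname,
            "qtype": qtype,
            # Most specific loaded zone containing the name, or None.
            "authoritative_zone": max(hits, key=lambda z: len(labels(z)), default=None),
            # Loaded zone that shares the most trailing labels, to spot near misses.
            "nearest_loaded_zone": max(zones, key=lambda z: common_suffix(qname, z), default=None),
        })
    return report

if __name__ == "__main__":
    for row in explain_denials(LOG):
        print(row)
```

On the lines from the question, the denied name sits under the label `0-27` while the loaded zone is named `0/27`, so no loaded zone covers it and the query is treated as a cache lookup from a client outside `localnets`.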
